Looker provides two-factor authentication (2FA) as an additional layer of security to protect data accessible via Looker. With two-factor authentication enabled, every user must authenticate using a one-time code generated by their mobile device when logging in.

The single source of truth for setting this up is the Two-Factor Setup Doc. Here we gather some commonly asked questions.

How do I get into Looker if I get a new phone?

Looker support doesn't make changes to access settings for security reasons but a company admin on your Looker instance can reset your 2FA code:

Go to admin > users > edit (on the particular user)

click "Reset" next to the Two Factor Secret section

This will prompt the user to re-scan the QR code with their Google Authentication app the next time they navigate to your Looker instance. If all the admins on your instance are locked out, contact support@looker.com and we'll take emergency steps.

Why are my Two Factor Authentication (2FA) codes not being accepted?

This is most commonly caused by the time on your phone and the time on Looker being out of sync. Try changing your phone time to Automatic or increasing the Drift time in the Looker 2FA panel. This is discussed in its own article and the setup doc.